me and my friends security

REGULATORY COMPLIANCE

At MAMF, we make the security of the data entrusted to us by our clients a priority. Therefore, based on best practices, we have implemented an Information Security Management System (ISMS) that is compliant with ISO 27001.

An ISO 27001 compliant ISMS guarantees a sufficiently high level of information and personal data security.

DOCUMENTATION AND EMPLOYEE COMMITMENT

All processes and policies are detailed in the extensive documentation that is part of the ISMS. All MAMF employees are aware of the rules and their responsibilities regarding data protection and information security. Regular training and audits, both internal and external, are organized for this purpose. 

SECURITY INCIDENTS

We have established procedures for responding to potential security incidents, which allow us to respond promptly to any reported or detected incident. Designated individuals respond immediately upon receipt of a report and resolve the problem in accordance with the procedures described in the ISMS. All incidents are immediately reported to the customers concerned. We continuously test and update all procedures. All incidents are also properly documented, and tools and procedures are implemented to prevent similar incidents in the future.

DATA STORAGE AND THIRD-PARTY SERVICES

All services we select and recommend are vetted to ensure information security and the confidentiality of personal data. We make sure that servers are located within the European Union in data centers compliant with GDPR and ISO 27001. For cloud solutions, we always try to use an EU-based region.

CONFIDENTIALITY

Appropriate architecture and design of applications and implemented data access rules ensure that confidential data can be accessed only by persons for whom it is necessary. Data redundancy is verified and reduced.

PRIVACY BY DESIGN

We consider all data protection measures, starting from the creation of the information architecture, and verify them in subsequent project phases.

NETWORKING

We make sure that every connection to our services and between services is encrypted using TLS. This guarantees the comprehensive security of the data transmitted in our applications.

DATA SECURITY IN MOBILE APPLICATIONS

We design mobile applications based on the best security standards such as:

  • Storing sensitive data in an encrypted format
  • Encrypting data and files stored in the application
  • Encrypting databases
  • Encrypting all communications using TLS with certificate pinning (SSL pinning)
  • Avoiding storage of access keys in the source code
  • Code obfuscation
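One way to enforce the "no access keys in the source code" rule above is a check that runs in CI (or as a pre-commit hook) and fails the build when a suspected hardcoded credential is found. The script below is an added example, not MAMF's own tooling; the regular expression, the entropy threshold, the placeholder markers and the sample source lines are all constructed assumptions for illustration.

```python
"""Heuristic scan for hardcoded credentials in source files (added example).

Assumes a CI step calls scan_lines() on each staged file and fails the
build when findings are returned. Patterns and thresholds are constructed.
"""
import math
import re
import sys
from collections import Counter

# Assignment of a quoted literal (8+ chars) to a name that usually carries a secret.
# Group 1 is the variable name, group 2 the literal value. Constructed pattern.
KEY_ASSIGNMENT = re.compile(
    r"""(?ix)
    \b(api[_-]?key|secret|token|password|passwd|private[_-]?key|access[_-]?key)\b
    \s*[:=]\s*
    ["']([^"']{8,})["']
    """
)

# Substrings that mark a value as a template or env lookup rather than a real key.
PLACEHOLDER_MARKERS = ("${", "<your", "changeme", "example", "xxxx")


def shannon_entropy(value: str) -> float:
    """Bits of entropy per character: random keys score high, words score low."""
    if not value:
        return 0.0
    counts = Counter(value)
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def is_placeholder(value: str) -> bool:
    """True for obvious non-secrets (env references, template markers)."""
    lowered = value.lower()
    return any(marker in lowered for marker in PLACEHOLDER_MARKERS)


def scan_lines(lines, entropy_threshold: float = 3.5):
    """Return (line_number, name, value) for each suspected hardcoded secret.

    A hit requires a secret-like name, a quoted literal value, no placeholder
    marker, and enough entropy to look like key material rather than a word.
    """
    findings = []
    for lineno, line in enumerate(lines, start=1):
        match = KEY_ASSIGNMENT.search(line)
        if not match:
            continue
        name, value = match.group(1), match.group(2)
        if is_placeholder(value):
            continue
        if shannon_entropy(value) >= entropy_threshold:
            findings.append((lineno, name, value))
    return findings


# Constructed sample input standing in for a file under review.
SAMPLE_SOURCE = [
    'val apiKey = "AKIAQ7F2K9XJ3B8PL0M6"',            # constructed high-entropy literal
    'password = os.environ["DB_PASSWORD"]',           # read from the environment: fine
    'token = "changeme-before-deploy"',               # placeholder: skipped
    'SECRET = "aaaaaaaaaaaa"',                        # low entropy: skipped
    'private_key: "9f2c71e4b0a8d3c65e1f4a7b2c9d0e83"',  # constructed hex key material
]


def main() -> int:
    """Print findings and return a non-zero exit code if any were found."""
    findings = scan_lines(SAMPLE_SOURCE)
    for lineno, name, value in findings:
        print(f"line {lineno}: '{name}' assigned a literal that looks like a secret ({value[:6]}...)")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main())
```

Lines 1 and 5 of the sample are reported; the environment lookup, the placeholder and the low-entropy string are not. In a real pipeline the flagged values belong in a secret store or the platform keystore, with only a reference left in the code.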

DEVELOPMENT

Software development cycle

The entire software development cycle is based on best practices and procedures described in the ISMS. By implementing the DevOps concept, we ensure security and confidentiality at every stage of design and development.

Detailed security requirements are clearly captured in the requirements phase and then verified in subsequent stages through automated testing and code review.

Our CI pipeline flags any detected logic errors as well as coding-style violations, which helps us maintain high-quality code that meets security and data confidentiality standards.

Every change made in the production environment goes through a set of automated tests beforehand, as well as routine manual tests.

Separation of environments

We make sure that the production and development environments are always completely separated from each other, both physically and logically. This means that they are always on different machines, on separate networks, with separate access policies.

Monitoring and logging

We ensure proper logging of all network and application events so that we have a comprehensive view of the current security and stability status of all our applications. We also have continuous monitoring in place so that a dedicated team can respond immediately to any issues that arise.

CONTINUOUS IMPROVEMENT

We know that ensuring security is an ongoing process, so we are constantly looking for areas to improve in our Information Security Management System. To this end, we regularly train our employees, conduct internal and external audits, and test and update our procedures and processes.